
248w ago - Earlier today we reported that the PSJailBreak PS3 modchip is easily dumped and that PSJailBreak clones are already on the way, and now some PlayStation 3 developers are working on reverse-engineering the costly USB device in the hope of making a less expensive or free scene alternative available soon.

Tsujin, knightsolidus and bushing have made brief attempts at determining the PSJailBreak IC chip and pin-out, while Neme6 of Logic-Sunrise (linked above) has also shared his findings thus far.

More pictures are available at the linked page for those curious, and to quote, roughly translated, from the linked pics:

"Many teams are studying the JSP to try to clone it at low cost and learn how it works. From the photos released, I tried to determine the electronic design of PSJ.

Here is the result of my work and my observations. Feel free to post if you can lighten the shadows that remain.

First, the ICP is probably of the PIC18F type, variant 4455, 4550, 4458 or 4553. The size of the EEPROM is 256 bytes."

Comments:

Components (red dots)
A: Resistor, 1K
B: LED
C: LED
D: Resistor, 1k
E: Resistor
F: Capacitor
G: Resistor
H: Resistor, 1K (pullup resistor)
I: Capacitor
J: Capacitor, 100nF (Decoupling cap)
. . : XTAL

• The blue dots A, B and D control the LEDs.
• The blue dots K, L, G and H are for power (Vdd, Vss).
• I suppose the blue dots M, I and J are to program the PIC (ICPGC, ICPGD, /MCLR).
• Blue points E and F are OSC1 and OSC2. They should be connected to XTAL (orange dots A and B).
• And to GND (file alpha) through two 22pF capacitors.
• At the orange dot F, there should be a link with USB.D- (I cannot quite see from the photos).
• Maybe the orange dot at point C is connected to blue M (ICPGC).
• Maybe the orange dot C is connected to pin 33 (/ICRST).
• I guess the orange dot E is connected to a via (through hole) noted alpha.

PSJailBreak Reverse-Engineering Details Begin to Surface





#39 - PS4 News - 248w ago
Please use the new thread here to resume discussion guys: http://www.ps4news.com/forums/ps3-hacks/psjailbreak-reverse-engineered-requires-hardware-update-112195.html

#38 - xantra - 248w ago
I have made a schematic with your details. Someone can put off the for confirm connections under it?

#37 - wallace80 - 248w ago
Quote (originally posted by daveribz):
It can run unsigned code and it makes all debug options available AND functional

Go back and watch all the videos now available online. Do you see any of the options in the XMB that debug units have?

The answer is no. It can run unsigned code, yeah, but it doesn't convert units to debug out of the box; most likely a debug firmware will have to be flashed first.

#36 - dinzy - 248w ago
I wouldn't realize anything until I see it 100% confirmed. Has anyone actually demonstrated unsigned code? And if so how does that guarantee custom firmware? This device requires 3.41 firmware to run, meaning it might run after the 3.41 FW boots.

If it is a true Sony Jig, they may make it so each FW has a counterpart Jig FW, rendering this jig only usable with Sony-signed 3.41 firmware.

#35 - laggmaster - 248w ago
Quote (originally posted by dinzy):
I'm hoping for a clone that will work on FW 3.15. If this thing does not allow Custom FW then I think there is still value in having OtherOS.


As mentioned earlier in this thread, you would realize that the ability to run unsigned code will eventually give you custom firmware, as we can now install custom .pkg files (ultimately giving us access to all of the functions of the PS3; given a good homebrew app you could probably do it yourself)... It is believed to be a Sony service jig. In theory it should work on any firmware under 3.41, because you know that Sony is going to change it up for the next firmware update (probably only a day or two off).

#34 - dinzy - 248w ago
I'm hoping for a clone that will work on FW 3.15. If this thing does not allow Custom FW then I think there is still value in having OtherOS.

#33 - tripellex - 248w ago
Quote (originally posted by sk group):
lmao, looks like you should stop focusing on money for a bit

lol but I like money

#32 - BwE - 248w ago
Quote (originally posted by tripellex):
What's neat to consider here though is, even though the PKGs are run in game/user mode, it essentially puts our foot in the door, possibly allowing us to elevate privileges. With Geo's exploit, we were only able to "peek" at privileged HW functions, and not necessarily modify them in any useful way. For a simpler explanation, think of it like this:

With Geo's exploit, we're bank robbers standing in front of a teller telling them to give us the money. We still have to rely on the teller to retrieve the money, and they could easily be pushing the silent alarm button while we wait. We only have access to limited funds.

With the Jailbreak, we're in the bank after hours, at the vault door. While we're not technically "in the money" yet, we're close enough now where we can start to work our way through the door and have access to almost unlimited funds. As we're not having to deal with a middle man of sorts, we can throw everything at the door until the hinges finally break.

The ultimate goal? To get ahold of the bank manager's code (the system's encryption keys) and voila, we're rich, biatch! While this last step may still prove to be nigh impossible, our chances of running exploits as unsigned code and elevating our privileges to "bank manager" status are greater than just poking at the memory registers or gleaning data from the SPEs.


lmao, looks like you should stop focusing on money for a bit

#31 - randalf - 248w ago
Quote (originally posted by daveribz):
It can run unsigned code and it makes all debug options available AND functional (install pkg file will only work on REAL debug/test PS3's, not on pseudo hybrid retail-debug consoles).

Hi,

That has always been a false belief, but a popular one. Install package worked perfectly on retail hybrid pseudo-debug consoles. I assure you I had occasion to check on several units and saved images from a couple of years ago that I can show if you like. Note also that I could install retail pkg, and other functions were also fully operational, such as bd_emu format, change button, region setting, free HDD space, free space fake, check game column, etc. It was my own experience, real time later when I debug I could see that actually worked a few options.

#30 - tripellex - 248w ago
Quote (originally posted by daveribz):

I'm not quite sure... From what I understand, unsigned code is only run in 'game' or 'user' mode and we're limited in what can be achieved through this mode. Updates and other core stuff require higher privileges. It's like the PSP: we couldn't do much with user mode exploits; kernel exploits were needed to flash custom firmwares.


What's neat to consider here though is, even though the PKGs are run in game/user mode, it essentially puts our foot in the door, possibly allowing us to elevate privileges. With Geo's exploit, we were only able to "peek" at privileged HW functions, and not necessarily modify them in any useful way. For a simpler explanation, think of it like this:

With Geo's exploit, we're bank robbers standing in front of a teller telling them to give us the money. We still have to rely on the teller to retrieve the money, and they could easily be pushing the silent alarm button while we wait. We only have access to limited funds.

With the Jailbreak, we're in the bank after hours, at the vault door. While we're not technically "in the money" yet, we're close enough now where we can start to work our way through the door and have access to almost unlimited funds. As we're not having to deal with a middle man of sorts, we can throw everything at the door until the hinges finally break.

The ultimate goal? To get ahold of the bank manager's code (the system's encryption keys) and voila, we're rich, biatch! While this last step may still prove to be nigh impossible, our chances of running exploits as unsigned code and elevating our privileges to "bank manager" status are greater than just poking at the memory registers or gleaning data from the SPEs.